diff --git a/tests/regress/mem_fuzz.c b/tests/regress/mem_fuzz.c
index aee3cdb0..bbf37eec 100644
--- a/tests/regress/mem_fuzz.c
+++ b/tests/regress/mem_fuzz.c
@@ -44,14 +44,14 @@ uint64_t get_aligned_len(){
 void perform_map_step(uc_engine *uc){
 uint64_t addr = get_aligned_addr();
 uint64_t len = get_aligned_len();
- printf("map(0x%"PRIx64",0x%"PRIx64"); //%d\n", addr, len, step);
+ printf("map(uc,0x%"PRIx64",0x%"PRIx64"); //%d\n", addr, len, step);
 uc_mem_map(uc, addr, len, UC_PROT_READ | UC_PROT_WRITE);
 }
 void perform_unmap_step(uc_engine *uc){
 uint64_t addr = get_aligned_addr();
 uint64_t len = get_aligned_len();
- printf("unmap(0x%"PRIx64",0x%"PRIx64"); //%d\n", addr, len, step);
+ printf("unmap(uc,0x%"PRIx64",0x%"PRIx64"); //%d\n", addr, len, step);
 uc_mem_unmap(uc, addr, len);
 }
@@ -60,7 +60,7 @@ void perform_write_step(uc_engine *uc){
 memset(buff, 0, 4096*4);
 uint64_t addr = get_addr();
 uint64_t len = get_len()%(4096*3);
- printf("write(0x%"PRIx64",0x%"PRIx64"); //%d\n", addr, len, step);
+ printf("write(uc,0x%"PRIx64",0x%"PRIx64"); //%d\n", addr, len, step);
 uc_mem_write(uc, addr, buff, len);
 }
@@ -68,16 +68,16 @@ void perform_read_step(uc_engine *uc){
 char* buff[4096*4];
 uint64_t addr = get_addr();
 uint64_t len = get_len()%(4096*3);
- printf("read(0x%"PRIx64",0x%"PRIx64"); //%d\n", addr, len, step);
+ printf("read(uc,0x%"PRIx64",0x%"PRIx64"); //%d\n", addr, len, step);
 uc_mem_read(uc, addr, buff, len);
 }
 void perform_fuzz_step(uc_engine *uc){
- switch( ((uint32_t)rand())%2 ){
+ switch( ((uint32_t)rand())%4 ){
 case 0: perform_map_step(uc); break;
 case 1: perform_unmap_step(uc); break;
- //case 2: perform_read_step(uc); break;
- //case 3: perform_write_step(uc); break;
+ case 2: perform_read_step(uc); break;
+ case 3: perform_write_step(uc); break;
 }
 }
diff --git a/tests/unit/test_mem_map.c b/tests/unit/test_mem_map.c
index 6b743f0c..303a370b 100644
--- a/tests/unit/test_mem_map.c
+++ b/tests/unit/test_mem_map.c
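Review bot: `char* buff[4096*4];` in perform_read_step, now reachable through the `case 2` that the `%4` switch enables, declares an array of 16384 pointers rather than a 16 KiB byte buffer; `uc_mem_read` takes the destination as `void *`, so the mismatch compiles silently, and the read only stays in bounds because `len` is capped below 4096*3 bytes while the object is pointer-size times larger. It should read `char buff[4096*4];` (or `uint8_t buff[4096*4];` to match the helpers this commit adds to tests/unit/test_mem_map.c). perform_write_step's `buff` is declared before its hunk, so I cannot see whether it carries the same declaration; worth checking at the same time. The `uc_err` results of `uc_mem_read` and `uc_mem_write` are also discarded, so the `//%d` step log cannot distinguish operations the engine rejected from the one that crashed it; printing the return value alongside the step would make the log a more precise reproducer.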
@@ -158,6 +158,52 @@ static void test_strange_map(void **state)
 uc_mem_unmap(uc, 0x0,0x1000);
 }
+void write(uc_engine* uc, uint64_t addr, uint64_t len){
+ uint8_t* buff = alloca(len);
+ memset(buff,0,len);
+ uc_mem_write(uc, addr, buff, len);
+
+}
+
+void read(uc_engine* uc, uint64_t addr, uint64_t len){
+ uint8_t* buff = alloca(len);
+ uc_mem_read(uc, addr, buff, len);
+}
+
+void map(uc_engine* uc, uint64_t addr, uint64_t len){
+ uc_mem_map(uc, addr, len, UC_PROT_READ | UC_PROT_WRITE);
+}
+
+void unmap(uc_engine* uc, uint64_t addr, uint64_t len){
+ uc_mem_unmap(uc, addr, len);
+}
+
+//most likely same bug as in test_strange_map, but looked different in fuzzer (sefault instead of assertion fail)
+static void test_assertion_fail(void **state){
+ uc_engine *uc = *state;
+
+ map(uc,0x2000,0x4000); //5
+ unmap(uc,0x3000,0x2000); //11
+ map(uc,0x0,0x2000); //23
+ map(uc,0x3000,0x2000); //24
+ map(uc,0x9000,0x4000); //32
+ map(uc,0x8000,0x1000); //34
+ unmap(uc,0x1000,0x4000); //35
+}
+
+static void test_bad_offset(void **state){
+ uc_engine *uc = *state;
+ map(uc,0x9000,0x4000); //17
+ map(uc,0x4000,0x2000); //32
+ unmap(uc,0x5000,0x1000); //35
+ map(uc,0x0,0x1000); //42
+ map(uc,0x5000,0x4000); //51
+ map(uc,0x2000,0x1000); //53
+ map(uc,0x1000,0x1000); //55
+ unmap(uc,0x7000,0x3000); //58
+ unmap(uc,0x5000,0x1000); //59
+ unmap(uc,0x4000,0x2000); //70
+}
@@ -167,6 +213,8 @@ int main(void) {
 test(test_basic),
 //test(test_bad_read),
 //test(test_bad_write),
+ test(test_bad_offset),
+ test(test_assertion_fail),
 test(test_bad_unmap),
 test(test_rw_across_boundaries),
 test(test_unmap_double_map),
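Review bot: The four helpers are defined with external linkage as `write`, `read`, `map` and `unmap`; `read` and `write` are the POSIX I/O functions declared in `<unistd.h>`, so these definitions conflict with those prototypes wherever that header is reached and otherwise interpose libc's symbols with an incompatible signature for anything else in the process that calls them. Making them `static` and prefixing them avoids both, e.g. `static void do_write(uc_engine *uc, uint64_t addr, uint64_t len)` and likewise for the other three, with the printf templates in tests/regress/mem_fuzz.c renamed to match, since they appear to be written so the fuzzer log can be pasted in here. The helpers also discard the `uc_err` each `uc_mem_*` call returns, so test_bad_offset and test_assertion_fail can only detect a crash, not a wrong status; a one-line comment on each test stating that this is the intent would document what they cover. `alloca(len)` is fine for the fixed 0x1000–0x4000 sizes used here, but a larger pasted reproducer would silently overrun the stack, so a `malloc`/`free` pair or a fixed-size array would be safer, and the comment on test_assertion_fail should read `segfault`, not `sefault`.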